valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
cb683a6b56
SigmaHQ/rules/windows/sysmon
History
Florian Roth cb683a6b56 Rule: Suspicious executions in web folders / non-exe folders
2017-03-13 23:56:06 +01:00
..
sysmon_bitsadmin_download.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_certutil_decode.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_malware_verclsid_shellcode.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_mimikatz_detection_lsass.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_mimikatz_inmemory_detection.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_mshta_spawn_shell.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_office_macro_cmd.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_office_shell.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_password_dumper_lsass.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_powershell_download.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_powershell_network_connection.yml Reduced to user accounts 2017-03-13 19:09:29 +01:00
sysmon_powershell_suspicious_parameter_combo.yml Bugfix in rule 2017-03-13 15:09:48 +01:00
sysmon_powershell_suspicious_parameter_variation.yml Rule: Suspicious PowerShell Parameter Substring 2017-03-13 17:23:25 +01:00
sysmon_susp_driver_load.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_susp_execution_path_webserver.yml Rule: Suspicious executions in web folders / non-exe folders 2017-03-13 23:56:06 +01:00
sysmon_susp_execution_path.yml Rule: Suspicious executions in web folders / non-exe folders 2017-03-13 23:56:06 +01:00
sysmon_susp_file_execution.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_susp_mmc_source.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_susp_schtask_creation.yml Rule: Scheduled task creation 2017-03-13 20:45:28 +01:00
sysmon_vssadmin_delete.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_vul_java_remote_debugging.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_webshell_detection.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00
sysmon_webshell_spawn.yml Sysmon as 'service' of product 'windows' 2017-03-13 09:23:08 +01:00